Richard Varn: We have two choices in Mountain View, San Antonio is good as well. Please add more meetings. We're taking this off the Agenda for the future. We want to make sure people know where it is, please add to the list from now on. ✪

Topic: Requirements

Richard Varn: Make sure that your industry or interest is well represented there. ✪

Richard Varn: That is what the group is going to prioritize in the near future, and if there isn't a requirement listed on there, it'll be hard to get the requirement added later once we get rolling. ✪

Manu Sporny: Make sure you get your requirements added to the list. If you don't, we may not be able to prioritize your work. ✪

Richard Varn: For example, how is PII protected, what's the requirement there? How can you find people that have claims, assuming they want to be found. ✪

Richard Varn: We may want to know how credentials are being used by customer, for example, education industry. ✪

Richard Varn: Badge Alliance, IMS Global, don't know if all of those have been brought in. ✪

Joe Andrieu: I need to go through this, will respond to the list, especially w/ Refugee Crisis. Question about process, don't we keep working on these? ✪

Manu Sporny: Yes, but we need a list of requirements now, and then prioritize. ✪

Christopher Allen: Don't we need to analyze use cases, then get requirements, pick use case per week, have people read use case in advance per week or something. ✪

Christopher Allen: Given what seems to be happening, charter and purpose, requirements that we can't define. Like, requirement that this stuff can be encrypted, but that's not part of our charter, our charter is the data format, not the signature mechanism, not anti-correlation mechanism, we need to divide up some of the requirements. ✪

Christopher Allen: We need to make sure we pass upstream, in order for VC to function, it needs requirements X, Y, and Z, from systems that they exist in. ✪

Richard Varn: We have discussed this, the use cases should individually inform the generic, we don't have use case for every possible use of this. We need to make sure we don't gather unique things, more broadly capturable things. ✪

Richard Varn: We want to incorporate, leave placeholders for stuff that may be out of scope, but call it out. ✪

Richard Varn: The model has to reflect the importance of this stuff, point to areas that need further work. ✪

Jonathan Holt: Thinking along the line wrt. revoking the claim, primary subject, comment is tangential - the ability to refute the claim - example is "I have to be a triple board certified position", certified in pediatrics, oncology... has to do with the requirements. ✪

Richard Varn: Manu need to focus on the needs of the implementer and not focus too much on the use cases ✪

Richard Varn: ChristopherA there is a lot of stuff like searching for claims that is out of scope and we have a long list of those that are needed for the system to work that are out of scope. Need to say here are requirements that are not ours but we need to be able to work with them ✪

Christopher Allen: I can understand the desire to implement, but I do have a concern, there are a lot of things that are needed in order to do what we need to do. Things like protocols, requesting or searching for claims - those are out of scope. Anti-correlation methods out of scope, signatures out of scope, timestamps out of scope, long list of things for the system to work that are out of scope. We need to be able to say - in order to implement these data standards external to the group, here are things that need to happen. There are certain things we could do improperly/without forethought, that could make things more correlatable. ✪

Christopher Allen: I don't know what the process is to differentiate these categories. ✪

Richard Varn: Manu put them all in and we will move them to a section that says others are dealing with it, not us, later ✪

Christopher Allen: I'm more worried about the protocol work items that are outside of the group, we should be able to get data format done quickly. ✪

Joe Andrieu: Part of what happened is that I looked at issue, which is about a specific section, after the discussion, the privacy considerations section didn't flow with what I wanted to write. The scope became bigger and indigestible. ✪

Joe Andrieu: Who drafted that first pass? Can I understand the direction? ✪

Joe Andrieu: What's the framing here? The task seems to be suggest changes throughout 5... ✪

Manu Sporny: Focus specifically on the section in the issue tracker. ✪

Joe Kaplan: Yes, that's helpful. My meta-concern is that this may not be the best way to get this written. We had set out to sign up and write a section, we aren't getting people to do that. That's how I struggled with it, I can get paragraphs together. Is this the right way to get them fleshed out. ✪

Richard Varn: We'll get this fleshed out on the next call, make sure task is appropriately defined. ✪

Richard Varn: I know we talked a bit about this in the past, correlatability required by law, are you covering both? Mandate where you are focusing? ✪

Joe Andrieu: Even if you are trying to avoid correlatability, you can be correlated via usage patterns. Because of how you use it, you are being correlated. ✪

Richard Varn: Some of correlation of usage, you can detect fraud, drug abuse, and correlatability is important. ✪

Joe Andrieu: That is a point that came out of prescription scenario, usage pattern element, maybe I should cover that here. Let me try and weave that in. ✪

Richard Varn: What would be required to finish this item. This discussion is what's valuable, use this as a model case. Let's focus on this type of work. ✪

Jonathan Holt: This is about potential re-identification, uniquely identified, this is not unintended, it's purposefully reidentification. In the issue tracker, my comment was about Govenor Weld from Massachusetts. Ability to re-identify... ✪

Jonathan Holt: The topic is about usage patterns. Usage patterns by whom? ✪

Joe Andrieu: There are two use cases where, in wells case, wells doesn't want to be reidentified. In other case, prescription use case, we need to allow for that. ✪

Jonathan Holt: Privacy concern is, what we perceived as reidentified - false sense of security. 43 year old male from zip 32423, using voting registration will know how I voted in last election because I bought something. ✪

Jonathan Holt: Then, I think the Gov Weld example is good to reference as an example of "usage pattern". ✪

Richard Varn: Sometimes it's legal to do, sometimes it's illegal - you can add modifiers, surprise/disadvantage of person still exposed. Other regimes that discuss this, bring those factors in, what would be relevant to different cases, government may be prevented, reporters might be breaking HIPAA, etc. ✪

Topic: Primary or Secondary Subject

Jonathan Holt: As a physician, there are many different companies out there that monetize claims, some of those claims are erroneous. Because I've worked in pediatric hospitals, they infer that I'm board certified even though I'm not... more about revoking claims vs. refuting. In the model, the way primary identifier is used, NPI number is used. Certification matters, but it's interesting because companies make money by suggesting using other claims. ✪

Christopher Allen: I like this concept of reputation, but it's companion is the other side of it, knowing more about the claims themselves. Question of being able to put evidence into the claim, relying on other parties. ✪

Christopher Allen: Noah and Harlan called it "evidence", that is going to come up more. When people are not the first party to the claim, but they are the only party that can issue it. ✪

Christopher Allen: Sometimes because of liability they can/can't issue. We want to be able to model that, for people that are responsible, best practice for a claim such that it allows for these sorts of things to be differentiated. ✪

Richard Varn: We don't want to get into challenging claims, we want the ability to say "refute" - we'll put it on the Agenda. ✪

Joe Andrieu: My first response is, reputation is a statement about claims, this maps to "things that a subject must be able to do". ✪

Joe Andrieu: We don't say that "users are allowed to do X, Y, and Z in the system" ✪

Richard Varn: Reputation or alternative use - we need a place in the data model... ✪